If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
GUI Registry Editor that runs on Linux?
Hi All,
I have a customer with ransomware. I'd like to look at his registry off line with Linux. Other than the miserably SSSSLLLLOOOOWWW one that comes on the Kaspersky Rescue CD, does anyone know of a graphical Windows registry editor that run on Linux? Many thanks, -T |
Ads |
#2
|
|||
|
|||
GUI Registry Editor that runs on Linux?
On Wed, 15 Feb 2017 15:51:53 -0800, T wrote:
Hi All, I have a customer with ransomware. I'd like to look at his registry off line with Linux. Other than the miserably SSSSLLLLOOOOWWW one that comes on the Kaspersky Rescue CD, does anyone know of a graphical Windows registry editor that run on Linux? Many thanks, -T The only solution I know of is to run the Windows registry program under Wine. That could be done from a thumb drive with Linux installed with Wine. I mean "installed", not a live CD/DVD. -- Wildman GNU/Linux user #557453 The cow died so I don't need your bull! |
#3
|
|||
|
|||
GUI Registry Editor that runs on Linux?
On Wed, 15 Feb 2017 18:30:24 -0600, Wildman
wrote: On Wed, 15 Feb 2017 15:51:53 -0800, T wrote: Hi All, I have a customer with ransomware. I'd like to look at his registry off line with Linux. I did a Google search of "windows registry graphical editor that runs on linux" and was presented with this possibility. http://realinfosec.com/?p=772 Other than the miserably SSSSLLLLOOOOWWW one that comes on the Kaspersky Rescue CD, does anyone know of a graphical Windows registry editor that run on Linux? Many thanks, -T The only solution I know of is to run the Windows registry program under Wine. That could be done from a thumb drive with Linux installed with Wine. I mean "installed", not a live CD/DVD. |
#4
|
|||
|
|||
GUI Registry Editor that runs on Linux?
On 02/15/2017 06:57 PM, Monty wrote:
On Wed, 15 Feb 2017 18:30:24 -0600, Wildman wrote: On Wed, 15 Feb 2017 15:51:53 -0800, T wrote: Hi All, I have a customer with ransomware. I'd like to look at his registry off line with Linux. I did a Google search of "windows registry graphical editor that runs on linux" and was presented with this possibility. http://realinfosec.com/?p=772 Awesome! Thank you! Other than the miserably SSSSLLLLOOOOWWW one that comes on the Kaspersky Rescue CD, does anyone know of a graphical Windows registry editor that run on Linux? Many thanks, -T The only solution I know of is to run the Windows registry program under Wine. That could be done from a thumb drive with Linux installed with Wine. I mean "installed", not a live CD/DVD. |
#5
|
|||
|
|||
GUI Registry Editor that runs on Linux?
T wrote:
On 02/15/2017 06:57 PM, Monty wrote: On Wed, 15 Feb 2017 18:30:24 -0600, Wildman wrote: On Wed, 15 Feb 2017 15:51:53 -0800, T wrote: Hi All, I have a customer with ransomware. I'd like to look at his registry off line with Linux. I did a Google search of "windows registry graphical editor that runs on linux" and was presented with this possibility. http://realinfosec.com/?p=772 Awesome! Thank you! Another option: try ntpasswd: http://pogostick.net/~pnh/ntpasswd/ It includes a (somewhat limited) registry editor. Or burn a ReactOS livecd and try the included regedit the https://sf.net/projects/reactos/file...0.4.3-live.zip ....or a regular Windows livecd, using any number of tools (almost all of which require a Windows CD/DVD to create the livecd), which may or may not allow you to view the system's registry. (I don't know; never tried.) -- What kind of moron puts a portal to the Prince of Demons at ground level? |
#6
|
|||
|
|||
GUI Registry Editor that runs on Linux?
I wrote:
Another option: try ntpasswd: http://pogostick.net/~pnh/ntpasswd/ It includes a (somewhat limited) registry editor. Note: non-graphical. -- - I have an idea. - It's amazing that four little words can inspire so much fear... |
#7
|
|||
|
|||
GUI Registry Editor that runs on Linux?
"Wildman" wrote
| registry program under Wine. That could be done | from a thumb drive with Linux installed with | Wine. I mean "installed", not a live CD/DVD. There are boot CDs. I've used one successfully, but I don't remember now which one. It's been awhile. I'm pretty sure it was either Hiren's or UBCD. It boots to XP and includes 2 or 3 Registry editors. These days maybe there's a Win7 version. I don't know. I also don't know if there's any issue editing 64-bit Registry from 32-bit windows. Probably not, but I don't know for certain. The down side with such boot CDs is that they typically have lots and lots of tools but the tools are only included if they're free. Often there's not much that's actually useful. |
#8
|
|||
|
|||
GUI Registry Editor that runs on Linux?
On 02/16/2017 12:23 AM, Auric__ wrote:
I wrote: Another option: try ntpasswd: http://pogostick.net/~pnh/ntpasswd/ It includes a (somewhat limited) registry editor. Note: non-graphical. Use it all the time to blank out passwords the user has forgotten |
#9
|
|||
|
|||
GUI Registry Editor that runs on Linux?
On Wed, 15 Feb 2017 15:51:53 -0800, T wrote:
Hi All, I have a customer with ransomware. I'd like to look at his registry off line with Linux. Other than the miserably SSSSLLLLOOOOWWW one that comes on the Kaspersky Rescue CD, does anyone know of a graphical Windows registry editor that run on Linux? The Kaspersky editor (binary) can be moved to another partition, and you can boot the PC with a Linux OS on another disk and use the editor from there. Works (or used to) with Debian. It's called "RegistryEditor".. If you use 7-zip or something to extract it from the image, don't forget to make it executable. The "SSSSLLLLOOOOWWW" is because you are running it from the CD. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#10
|
|||
|
|||
GUI Registry Editor that runs on Linux?
On 02/17/2017 03:47 AM, Shadow wrote:
On Wed, 15 Feb 2017 15:51:53 -0800, T wrote: Hi All, I have a customer with ransomware. I'd like to look at his registry off line with Linux. Other than the miserably SSSSLLLLOOOOWWW one that comes on the Kaspersky Rescue CD, does anyone know of a graphical Windows registry editor that run on Linux? The Kaspersky editor (binary) can be moved to another partition, and you can boot the PC with a Linux OS on another disk and use the editor from there. Works (or used to) with Debian. It's called "RegistryEditor".. If you use 7-zip or something to extract it from the image, don't forget to make it executable. I tried that and couldn't get it to work. How did you do that? The "SSSSLLLLOOOOWWW" is because you are running it from the CD. My other Live CD/DVD and not anywhere near that slow. K's is a special case in lethargy. I also tried dd's K's ISO to a USB. Gets about half booted and seizes. Also tried NetBootin with the same result. |
#11
|
|||
|
|||
GUI Registry Editor that runs on Linux?
On Fri, 17 Feb 2017 14:22:45 -0800, T wrote:
On 02/17/2017 03:47 AM, Shadow wrote: On Wed, 15 Feb 2017 15:51:53 -0800, T wrote: Hi All, I have a customer with ransomware. I'd like to look at his registry off line with Linux. Other than the miserably SSSSLLLLOOOOWWW one that comes on the Kaspersky Rescue CD, does anyone know of a graphical Windows registry editor that run on Linux? The Kaspersky editor (binary) can be moved to another partition, and you can boot the PC with a Linux OS on another disk and use the editor from there. Works (or used to) with Debian. It's called "RegistryEditor".. If you use 7-zip or something to extract it from the image, don't forget to make it executable. I tried that and couldn't get it to work. How did you do that? Easiest way, boot the Kaspersky rescue disk, copy the binary to your home folder, in which case making it executable is not necessary. You can probably find it under \usr\sbin\ Or, you can extract it from your Kaspersky Rescue Disk USB using 7-Zip (L:\ being my pendrive) L:\rescue\rescue.iso\rescue\LiveOS\squashfs.img\Li veOS\ext3fs.img\usr\sbin\RegistryEditor $ chmod +x RegistryEditor $ ./RegistryEditor Don't forget the ./ before the executable, if it's not on your path Just did it, it's very fast, as fast as Window's regedit. HTH []'s The "SSSSLLLLOOOOWWW" is because you are running it from the CD. -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#12
|
|||
|
|||
GUI Registry Editor that runs on Linux?
On 02/19/2017 06:36 AM, Shadow wrote:
On Fri, 17 Feb 2017 14:22:45 -0800, T wrote: On 02/17/2017 03:47 AM, Shadow wrote: On Wed, 15 Feb 2017 15:51:53 -0800, T wrote: Hi All, I have a customer with ransomware. I'd like to look at his registry off line with Linux. Other than the miserably SSSSLLLLOOOOWWW one that comes on the Kaspersky Rescue CD, does anyone know of a graphical Windows registry editor that run on Linux? The Kaspersky editor (binary) can be moved to another partition, and you can boot the PC with a Linux OS on another disk and use the editor from there. Works (or used to) with Debian. It's called "RegistryEditor".. If you use 7-zip or something to extract it from the image, don't forget to make it executable. I tried that and couldn't get it to work. How did you do that? Easiest way, boot the Kaspersky rescue disk, copy the binary to your home folder, in which case making it executable is not necessary. You can probably find it under \usr\sbin\ Or, you can extract it from your Kaspersky Rescue Disk USB using 7-Zip (L:\ being my pendrive) L:\rescue\rescue.iso\rescue\LiveOS\squashfs.img\Li veOS\ext3fs.img\usr\sbin\RegistryEditor $ chmod +x RegistryEditor $ ./RegistryEditor Don't forget the ./ before the executable, if it's not on your path Just did it, it's very fast, as fast as Window's regedit. HTH []'s Thank you ! I had to eMail it to myself from the internal web browser. |
#13
|
|||
|
|||
GUI Registry Editor that runs on Linux?
On 02/19/2017 06:48 PM, T wrote:
On 02/19/2017 06:36 AM, Shadow wrote: On Fri, 17 Feb 2017 14:22:45 -0800, T wrote: On 02/17/2017 03:47 AM, Shadow wrote: On Wed, 15 Feb 2017 15:51:53 -0800, T wrote: Hi All, I have a customer with ransomware. I'd like to look at his registry off line with Linux. Other than the miserably SSSSLLLLOOOOWWW one that comes on the Kaspersky Rescue CD, does anyone know of a graphical Windows registry editor that run on Linux? The Kaspersky editor (binary) can be moved to another partition, and you can boot the PC with a Linux OS on another disk and use the editor from there. Works (or used to) with Debian. It's called "RegistryEditor".. If you use 7-zip or something to extract it from the image, don't forget to make it executable. I tried that and couldn't get it to work. How did you do that? Easiest way, boot the Kaspersky rescue disk, copy the binary to your home folder, in which case making it executable is not necessary. You can probably find it under \usr\sbin\ Or, you can extract it from your Kaspersky Rescue Disk USB using 7-Zip (L:\ being my pendrive) L:\rescue\rescue.iso\rescue\LiveOS\squashfs.img\Li veOS\ext3fs.img\usr\sbin\RegistryEditor $ chmod +x RegistryEditor $ ./RegistryEditor Don't forget the ./ before the executable, if it's not on your path Just did it, it's very fast, as fast as Window's regedit. HTH []'s Thank you ! I had to eMail it to myself from the internal web browser. Hi Shadow, Worked instantly with Scientific Linux 7.3. Fedora Core 25 gave me a bad time, but # dnf install libQtCore.so.4 libQtGui.so.4 fixed it. Thank you again! _T |
#14
|
|||
|
|||
GUI Registry Editor that runs on Linux?
On Sun, 19 Feb 2017 22:55:36 -0800, T wrote:
On 02/19/2017 06:48 PM, T wrote: On 02/19/2017 06:36 AM, Shadow wrote: On Fri, 17 Feb 2017 14:22:45 -0800, T wrote: On 02/17/2017 03:47 AM, Shadow wrote: On Wed, 15 Feb 2017 15:51:53 -0800, T wrote: Hi All, I have a customer with ransomware. I'd like to look at his registry off line with Linux. Other than the miserably SSSSLLLLOOOOWWW one that comes on the Kaspersky Rescue CD, does anyone know of a graphical Windows registry editor that run on Linux? The Kaspersky editor (binary) can be moved to another partition, and you can boot the PC with a Linux OS on another disk and use the editor from there. Works (or used to) with Debian. It's called "RegistryEditor".. If you use 7-zip or something to extract it from the image, don't forget to make it executable. I tried that and couldn't get it to work. How did you do that? Easiest way, boot the Kaspersky rescue disk, copy the binary to your home folder, in which case making it executable is not necessary. You can probably find it under \usr\sbin\ Or, you can extract it from your Kaspersky Rescue Disk USB using 7-Zip (L:\ being my pendrive) L:\rescue\rescue.iso\rescue\LiveOS\squashfs.img\Li veOS\ext3fs.img\usr\sbin\RegistryEditor $ chmod +x RegistryEditor $ ./RegistryEditor Don't forget the ./ before the executable, if it's not on your path Just did it, it's very fast, as fast as Window's regedit. HTH []'s Thank you ! I had to eMail it to myself from the internal web browser. Hi Shadow, Worked instantly with Scientific Linux 7.3. Fedora Core 25 gave me a bad time, but # dnf install libQtCore.so.4 libQtGui.so.4 fixed it. Thank you again! Thanks for the feedback. Good to know it worked. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
Thread Tools | |
Display Modes | Rate This Thread |
|
|